CATEGORY ARCHIVES: block-china

There have been a number of reports in the last week or two of websites that are apparently being DDoSed from IP addresses in the PRC. This has caused a certain amount of confusion and pain to those affected because there seemed to be no reason for the attack; however, the cause has now become clear. As Sucuri explain on their blog, the cause appears to be the so-called "Great Firewall of China":

Blocking foreign countries is one of the simplest and most effective ways to stop data loss and other hack attacks. If your computers/servers/users ... have no reason to communicate with devices in certain countries then a geographic block on the firewall to stop all traffic to/from them is a great way to reduce the threat of infection or data loss. What may be the most serious data breach ever - the loss of some 35 million records of personal data from the Korean company SK Communications - would have been stopped if the SK Communications computers had been blocked from communicating with China:

One of the themes of this blog is that IP reputation - when delivered in an actionable form the way we do at ThreatSTOP - can protect against threats that you had no idea existed. There's an interesting Reuters report that explains the problem:

Many organizations are subject to government regulations such as ITAR or OFAC that prohibit any dealings with certain foreign nations. Many others have countries that they will not do business with for reasons of corporate policy - because of rampant piracy or fraud, for example. However, with the Internet it isn't always clear where another computer is located, at least not from the domain name it reports or the place a user fills in as a contact address. This means that, wittingly or unwittingly, computers in any organization may be connecting with other computers in locations that they are legally forbidden to have any communication with.

As anyone who reads the technical, financial or even the general news is aware, May has not been a good month for Internet security. We started with Sony, which appears to have been comprehensively "PWNed" by one or more groups of criminals, and we end up with the news of Lockheed and PBS joining the list of victims. Needless to say, these news reports have led to a lot of our customers (and potential customers) asking whether ThreatSTOP's IP Reputation can save them.